~mediagoblin/mediagoblin#33: 
Login error: TypeError in basic auth's use of bcrypt

When attempting to log in to a MediaGoblin instance with basic database authentication enabled (running MediaGoblin master), I'm getting an error. Here's the full traceback:

Traceback (most recent call last):
  File "./mediagoblin/app.py", line 344, in __call__
    return self.call_backend(environ, start_response)
  File "/usr/local/lib/python3.9/dist-packages/werkzeug/middleware/shared_data.py", line 260, in __call__
    return self.app(environ, start_response)
  File "./mediagoblin/app.py", line 278, in call_backend
    return self._finish_call_backend(request, environ, start_response)
  File "./mediagoblin/app.py", line 320, in _finish_call_backend
    response = controller(request)
  File "./mediagoblin/decorators.py", line 366, in wrapper
    return controller(request, *args, **kwargs)
  File "./mediagoblin/auth/views.py", line 93, in login
    user = check_login_simple(
  File "./mediagoblin/auth/tools.py", line 172, in check_login_simple
    if not auth.check_password(password, user.pw_hash):
  File "./mediagoblin/auth/__init__.py", line 42, in check_password
    return hook_handle("auth_check_password",
  File "./mediagoblin/plugins/basic_auth/__init__.py", line 91, in check_password
    return auth_tools.bcrypt_check_password(raw_pass,
  File "./mediagoblin/plugins/basic_auth/tools.py", line 51, in bcrypt_check_password
    randplus_stored_hash = bcrypt.hashpw(stored_hash, rand_salt)
  File "/usr/local/lib/python3.9/dist-packages/bcrypt/__init__.py", line 79, in hashpw
    raise TypeError("Strings must be encoded before hashing")
TypeError: Strings must be encoded before hashing

I suspect that this is the changeset where the problem was introduced: https://git.savannah.gnu.org/cgit/mediagoblin.git/commit/?id=fe01dd00fbebbf46f8cab552b89c402124541cab

Maybe there's a missing str-to-byte conversion?

Status: REPORTED
Submitter: ~witten
Assigned to: No-one
Submitted: a month ago
Updated: 30 days ago
Labels: No labels applied.

~witten a month ago

I confirmed that rolling back to the Git changeset before bcrypt was introduced makes the login error go away, and I'm able to log in successfully again.

~shtrom 30 days ago

I ran into the same problem when working on the tests.

This commit may fix your issue: https://git.sr.ht/~shtrom/mediagoblin/commit/9b052dd53dbbe48de6dd7de67f80e95288a2b1eb

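The str-to-bytes boundary the report suspects, as an added example that is not part of the thread or MediaGoblin's code: PBKDF2 from Python's standard library stands in for bcrypt here (it likewise rejects str input with a TypeError) so the block runs without third-party packages. The record format, the `ITERATIONS` value and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed value for this example


def to_bytes(value):
    """Encode text to UTF-8 bytes at the hashing boundary; pass bytes through."""
    if isinstance(value, bytes):
        return value
    if isinstance(value, str):
        return value.encode("utf-8")
    raise TypeError(f"expected str or bytes, got {type(value).__name__}")


def hash_password(raw_pass):
    """Return a text record for a database column: salt_hex$digest_hex."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", to_bytes(raw_pass), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def check_password(raw_pass, stored_hash):
    """Verify raw_pass against a stored record that may arrive as str or bytes."""
    try:
        # A database layer commonly hands the hash back as str; normalise first.
        record = to_bytes(stored_hash).decode("ascii")
        salt_hex, _, digest_hex = record.partition("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac("sha256", to_bytes(raw_pass), salt, ITERATIONS)
    # Compare bytes in constant time; compare_digest rejects non-ASCII str.
    return hmac.compare_digest(actual, expected)


def unencoded_call_fails(raw_pass):
    """Show the failure mode: str passed straight to the hash raises TypeError."""
    try:
        hashlib.pbkdf2_hmac("sha256", raw_pass, b"\x00" * 16, 1)
    except TypeError:
        return True
    return False
```
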